Another university has reported that student groups’ treasurers are receiving fraudulent requests for wire transfers of money. These reports are another example of criminals using a college’s or university’s directory information to attack students.

Even though we have not seen this spear phishing attack at UD, we wanted to document it as a new variation on the phishing and vishing (voice phishing) scams seen at UD. Here’s an edited version of the other university’s report:

Wire fraud has been in the news this year. It involves criminals who carefully research organizations to find someone in authority (supervisor, CEO, director, etc.) and the person who handles money and office tasks.

We have received several reports on campus. In previous reports, forged e-mail would allegedly be sent from:

  • A supervisor who asks an office assistant to send him all W2 forms for employees.
  • A supervisor who sends a request to the office assistant asking for a specific sum of money, often to be transferred via wire transfer.

We’ve seen a new variation on this scam. The latest report was very alarming because it targeted the officers of some student groups. The hackers browsed university and club websites to find club officers, their titles, and their email addresses. Then they released the new attack on club officers:

  • The fake email from the club president goes to the club secretary or treasurer asking that a cash transaction or wire transfer of several thousand dollars be sent regarding “some sort of fundraiser.”

In this case, the treasurer exchanged email with the hacker for a bit, then contacted the faculty advisor.

Scammers try to defraud students on a regular basis and adjust their attacks based on current events. For example, as news of President Trump’s proposed travel ban was released, international students at UD (and other colleges and universities) received fraudulent threatening phone calls demanding that fines and fees be paid by gift card (!) or wire transfer. The scammers threatened the students with deportation if they did not comply.

Now that it’s spring semester, scammers may begin launching phishing and vishing attacks on student groups working on their fundraising projects.

If you know a UD RSO, Greek organization, or club team has received unusual requests for submitting funds, have the RSO’s treasurer contact University police at (302) 831-2222.